inferno564 Posted June 2, 2009
OK, I'm a noob at this, so don't criticize me for suggesting this; I'm just trying to help. Couldn't you sanitize all the queries from the global PHP file and make it strip all the slashes, or add them, or whatever? That way you would have somewhat more security. Ya, it's better to go through all your files and secure them, but this would be like a fail-safe, just in case you forget a query or 2. Ya, I know you should write your code secure in the first place, but who does that, lol :roll:
Haunted Dawg Posted June 2, 2009
Re: Idea For sql protection
It's doable; Nyna did that with a standard v2.0 and modified the db class. And it was almost impossible to exploit. On the other hand, what protects you from HTML exploits? XSS exploits? I can easily gain admin on your game by simply using the preferences. MCCodes is more vulnerable to HTML exploits than to SQL injections.
Lithium Posted June 2, 2009
Re: Idea For sql protection
> It's doable; Nyna did that with a standard v2.0 and modified the db class. And it was almost impossible to exploit. On the other hand, what protects you from HTML exploits? XSS exploits? I can easily gain admin on your game by simply using the preferences. MCCodes is more vulnerable to HTML exploits than to SQL injections.
True, yet the HTML "exploits" are basically caused by non-compliant code; MCC PHP is bad, HTML is even worse. As quoted, an external or redone db class is the best option. I use an external class, and haven't had a single problem on the sites where it was used, though it is quite a pain to apply it properly on already-made games. Starting from scratch, fix/secure while you get your game is also the best option.
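
An added example, not part of the thread and not MCCodes code: it contrasts the "escape everything in the global file" fail-safe with a redone db class that binds parameters, and shows that HTML output still needs its own encoding. The table, its columns, the `Db` class and the sample input are assumptions constructed for illustration; it runs against an in-memory SQLite database through PDO.

```php
<?php
// Added example, not MCCodes code. Table, columns and the Db class are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'admin'), (2, '<b>player</b>')");

// Constructed request value: a numeric parameter carrying extra SQL.
$input = '2 OR 1=1';

// Global "fail safe": escape every request value once, in the global file.
// addslashes() only touches quotes, backslashes and NUL, so this value passes unchanged.
$escaped = addslashes($input);

// Legacy-style query with the value in an unquoted numeric context.
// The WHERE clause becomes "userid = 2 OR 1=1", which is true for every row.
$legacy = $pdo->query("SELECT username FROM users WHERE userid = $escaped")
              ->fetchAll(PDO::FETCH_COLUMN);
printf("global escaping only: %d row(s)\n", count($legacy));

// Redone db class: SQL text and values travel separately, so a value is never parsed as SQL.
final class Db
{
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    public function fetchAll(string $sql, array $params = []): array
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

$db = new Db($pdo);
$id = filter_var($input, FILTER_VALIDATE_INT);   // false for anything that is not an integer
$rows = $id === false ? [] : $db->fetchAll('SELECT username FROM users WHERE userid = :id', [':id' => $id]);
printf("validated + bound parameter: %d row(s)\n", count($rows));

// Bound parameters do nothing for HTML: stored values are still encoded on output.
foreach ($db->fetchAll('SELECT username FROM users WHERE userid = :id', [':id' => 2]) as $row) {
    echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), "\n";
}
```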